Multi Vendor Marketplace Plugin | WCFM Marketplace › Forums › WCFM – Marketplace (WooCommerce Multivendor Marketplace) › Major security issue that has not been fixed.
- October 3, 2019 at 2:31 am #84831
A few days ago another user posted here that Affiliate has access to Site Settings and you guys have not fixed this. You do realize that any affiliate can take all profits from the website owner if you do not fix this issue.
WARNING: WCFM AFFILIATE Account has access to SETTINGS, including Payment settings, Commission Settings, VENDOR COMMISSION SETTINGS, Product, Store and many other ADMIN Settings.
When affiliates log in, it takes them to their Affiliate Dashboard. Example
NOW, While logged in as an affiliate, If you replace the URL with https://mywebsite.com/store-manager/SETTINGS/ you will get access to ADMIN SETTINGS…
FIX THIS PLEASE. AFFILIATES SHOULD NOT HAVE ACCESS TO ALL THESE.
Attachments:You must be logged in to view attached files.
- October 10, 2019 at 12:46 pm #85970
Has any one of you guys had a chance to look in to this problem?
It has been over 1 week I have posted this issue and you have not fixed it or responded
- October 11, 2019 at 10:28 am #86181
We will take care of this in next update.
You must be logged in to reply to this topic.